Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues.

Microsoft patent may ruin Skype, may make VoIP spy and pry easy for gov't

A Microsoft patent mentions both law enforcement and government having a need to sometimes "monitor communications," but is aimed at VoIP "recording agents" for "silently recording communications," and possibly indicates future Skype surveillance.

Oh man! Don't you hate it when you suspect something unpleasant is likely to happen and then it turns into an "I told you so"? Are you one of the millions of people who depend upon Skype? Remember when Microsoft bought Skype? Did you wonder just how long it would be before Skype was ruined with a backdoor for easy-access eavesdropping? A Microsoft patent mentions both law enforcement and government having a need to sometimes "monitor communications," but is aimed at VoIP "recording agents" for "silently recording communications," and possibly indicates future Skype surveillance.

According to ConceivablyTech, the U.S. Patent and Trademark Office published a Microsoft patent application that might indicate Microsoft will add "recording agents" for eavesdropping purposes, "to legally intercept VoIP phone calls."

Since companies seem to get up-in-arms when you write about patents that most have filed for the purpose of using at some point in the future, but only when it wants to release the news to the public, let me qualify this article by a CYOA statement. It is a fact that just because a company files a patent for something doesn't always mean it intends to use it.

The Microsoft patent called "Legal Intercept" (images here) was filed on December 23, 2009, way before Microsoft ever acquired Skype. However, section [0028] specifically mentions Skype. "As mentioned previously, traditional techniques for silently recording telephone communication may not work correctly with VoIP and other network-based communication technology. As used hereafter, the term VoIP is used to refer to standard VoIP as well as any other form of packet-based communication that may be used to transmit audio over a wireless and/or wired network. For example, VoIP may include audio messages transmitted via gaming systems, instant messaging protocols that transmit audio, Skype and Skype-like applications, meeting software, video conferencing software, and the like."

According to the abstract, "Aspects of the subject matter described herein relate to silently recording communications. In aspects, data associated with a request to establish a communication is modified to cause the communication to be established via a path that includes a recording agent. Modification may include, for example, adding, changing, and/or deleting data within the data. The data as modified is then passed to a protocol entity that uses the data to establish a communication session. Because of the way in which the data has been modified, the protocol entity selects a path that includes the recording agent. The recording agent is then able to silently record the communication."

A remote entity will start the recording agent after being triggered by "events" or a "sequence of events." The communications might be stored for law enforcement to use at some point in the future. According to number 9, "comprising storing data corresponding to the communication to a storage medium for later retrieval by a law enforcement agent."

What does all this mean? Who knows, but it's not looking good for Skype. Microsoft has a history of working closely with law enforcement and of spying on its users for free. This fact was discovered by FOIA requests from security researcher Christopher Soghoian before he announced that Microsoft does not charge the government or law enforcement even a penny for surveillance of its users. Also, in the past, Microsoft took down Cryptome after it published a "top-secret" Internet surveillance guide meant only for law enforcement. That document, for the curious, can be read here.

But don't worry, all these giants are about the same. Google updated its transparency report and "fully or partially complied" with 94% of the 4,601 U.S. government data requests from July to December 2010. Sheesh.